CVE-2025-13223

Published Nov 17, 2025

Last updated 4 months ago

Exploit knownCVSS high 8.8
Google Chrome V8
C++

Overview

Description
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Google Chromium V8 Type Confusion Vulnerability
Exploit added on
Nov 19, 2025
Exploit action due
Dec 10, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-843
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-843

Social media

Hype score
Not currently trending

  1. 🚨CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks Source: https://t.co/t803TJCVM6 CISA has issued an urgent alert about a zero-day vulnerability in Google Chrome, actively exploited by threat actors. CVE-2025-13223 is a flaw in the Chromium V8 JavaScrip

    @SofiaMoonsX

    17 Feb 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Re: CVE-2025-13223 - so we can change the field repr (for SMI and HeapObject) without deopt before extending properties. But we still can't do loads/stores on that field as FieldRepr deps will be installed... https://t.co/KO6gChtHdX

    @mistymntncop

    7 Feb 2026

    1270 Impressions

    3 Retweets

    19 Likes

    11 Bookmarks

    2 Replies

    0 Quotes

  3. CVE-2025-13223 seems a bit like of a chicken and egg problem...

    @mistymntncop

    25 Jan 2026

    1997 Impressions

    2 Retweets

    15 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-13223 - goes from a more generic MachineType::kTagged to a more specific MachineType::kTaggedPointer. Uhh, what?

    @mistymntncop

    20 Jan 2026

    1821 Impressions

    0 Retweets

    16 Likes

    8 Bookmarks

    2 Replies

    0 Quotes

  5. #VulnerabilityReport #browsersecurity Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update https://t.co/nFvncRb6mP

    @Komodosec

    24 Dec 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Kritikus zero-day sebezhetőséget javítottak a Chrome 142-es frissítésében A Google hétfőn publikálta a Chrome 142-es frissítését, egy már aktívan kihasznált zero-day sérülékenység javítására. A CVE-2025-13223 azonosítón nyomon követett, a V8 JavaScript-

    @linuxmint_hun

    2 Dec 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. After analyzing 89% of vulnerabilities from past week, CVE-2025-13223 has 82 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert

    @stooee_

    29 Nov 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. After analyzing 89% of vulnerabilities from past week, CVE-2025-13223 has 82 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert

    @stooee_

    28 Nov 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Chrome Zero-Day aktiv ausgenutzt! Google fixt eine kritische Lücke (CVE-2025-13223) in der V8-Engine. Schon der Besuch präparierter Websites kann Schadcode ausführen. updaten! ➡️ Chrome 142.0.7444.175+ installieren & Browser neu starten. #CyberSecurity #ZeroDay #

    @HanseSecure

    28 Nov 2025

    153 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Chrome のゼロデイ脆弱性 CVE-2025-13223/13224 が FIX:積極的な悪用を観測 https://t.co/5oP4VB4Rf4 Chrome のゼロデイが悪用されていた原因として、V8

    @iototsecnews

    28 Nov 2025

    149 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. 🚩 Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day https://t.co/X7ngIZdqI3 Google patched a type-confusion vulnerability in the V8 JavaScript/WebAssembly engine (CVE-2025-13223, CVSS 8.8) that is already being exploited in the wild to run arbitrary code

    @Huntio

    26 Nov 2025

    1176 Impressions

    3 Retweets

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  12. A zero-day Chrome/Chromium flaw CVE-2025-13223 (CVSS 8.8) is being actively exploited. The V8 engine bug lets attackers compromise systems via malicious pages. Our blog shows how Wazuh detects this threat. Read more: https://t.co/R9lHKKUuHw #InfoSec #OpenSource #CyberSecurity

    @wazuh

    26 Nov 2025

    659 Impressions

    13 Retweets

    22 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  13. Google Chrome just got patched against a critical zero-day, CVE-2025-13223, that’s already being actively exploited 📷 One wrong click or just visiting a malicious page could let attackers run arbitrary code on your machine. Update Chrome immediately (desktop & Linux / m

    @connecti

    26 Nov 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Multiples vulnérabilités dans Google Chrome (18 novembre 2025) — De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Google indique que la vulnérabili

    @RotateKeys

    26 Nov 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Google publica una corrección de seguridad para la vulnerabilidad de día cero de Chrome V8 explotada activamente. La vulnerabilidad en cuestión es CVE-2025-13223 (puntuación CVSS: 8,8). #ciberseguridad #cybersecurity https://t.co/MP6rQEkvZg

    @EHCGroup

    25 Nov 2025

    8 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Google Chrome CVE-2025-13223 Zero-Day Exploitation [High] Nov 24, 2025 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #Innovation #LLM #CyberSecurityWarning https://t.co/GRXm9QTlty

    @transilienceai

    24 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. What if your browser quietly handed control to a hacker while you scroll? That’s happening right now. A flaw in #Chrome’s #JavaScript engine, V8, called CVE-2025-13223, is already being used. No one knows how many devices are already hit. https://t.co/YTlTZEijxk

    @v_shakthi

    24 Nov 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Chrome CVE-2025-13223 is actively exploited.Your logs know what happened.But can you see them?Syslog to ELK gives you: → Real-time threat detection → Centralized visibility → Instant log correlation https://t.co/XU7viLnsK6 #Cybersecurity #ELK #SIEM #ThreatDetection ht

    @suniltiwari4509

    24 Nov 2025

    32 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    2 Quotes

  19. Chrome使ってる全員に告ぐ⚠️ CVE-2025-13223 = Webサイト閲覧だけで感染 = すでに攻撃で悪用中 = 34億人が標的 対策してない人、マジでヤバい。 ▼9割が知らない5つの緊急対策 https://t.co/gGPUSJxcgn

    @Uriuri_Lecturer

    23 Nov 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  20. 昨日まで「セキュリティなんて面倒」 って思ってた人へ CVE-2025-13223を知ったら 考えが180度変わると思います。 普通にネット見てただけなのに 気づいたらパソコン乗っ取られてる… そんな悪夢が現実に起

    @Uriuri_Lecturer

    23 Nov 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Come on @openai @perplexity_ai why can't I find any information about CVE-2025-13223 with respect to Comet nor Atlas? Seems likely both are vulnerable, but no indication either has been patched, and I can't find any statement saying you're not vulnerable and why.

    @scode

    22 Nov 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Chrome users, heads up: a critical V8 flaw (CVE-2025-13223) is now on CISA’s Known Exploited list. Hackers can use it to corrupt memory and run code. If your business runs Chrome, patch it now before they patch you. https://t.co/pY45tTUPJX #CyberSecurity #ClickSmart

    @lowcountrycyber

    21 Nov 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🔐 Critical #openSUSE Chromium Patch Alert The latest Chromium update for openSUSE addresses two significant vulnerabilities: CVE-2025-13223 and CVE-2025-13224. Read more: 👉 https://t.co/Gcg4bxo368 #Security https://t.co/LFMSdMjuFj

    @Cezar_H_Linux

    21 Nov 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 Important Security Alert for #openSUSE Users 🚨 A mandatory Chromium update is available to address critical type confusion bugs in the V8 JavaScript engine (CVE-2025-13223 & CVE-2025-13224). Read more: 👉 https://t.co/uHChIv5DrA #Security https://t.co/JK9retc6VU

    @Cezar_H_Linux

    21 Nov 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨CISA ostrzega przed aktywnie wykorzystywaną luką 0-Day w Google Chrome (CVE-2025-13223) w silniku V8. Błąd typu „type confusion” umożliwia zdalne wykonanie kodu. Google załatało problem 19.11.2025 - zaktualizuj Chrome do wersji 131.0.6778.72 lub nowszej. @Zaufana3

    @CyberScopePl

    21 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Important security update: @opera, @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-13223. Update now to the latest versions: Opera One (124.0.5705.42) Opera GX (124.0.5705.38) Opera Air

    @Opera_Security

    20 Nov 2025

    94 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  27. Important security update: @opera, @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-13223. Update now to the latest versions: Opera One (124.0.5705.42) Opera GX (124.0.5705.38) Opera Air

    @Opera_Security

    20 Nov 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Chrome exploit is live and on CISA’s radar. CVE-2025-13223 lets attackers run code via V8 engine flaws—translation: your browser could become their playground. SMBs, update Chrome now or risk getting burned. https://t.co/pY45tTUPJX #CyberSecurity #BrowserSecurity

    @lowcountrycyber

    20 Nov 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks Source: https://t.co/DCXNg2QE6x CISA has issued an urgent alert about a zero-day vulnerability in Google Chrome, actively exploited by threat actors. CVE-2025-13223 is a flaw in the Chromium V8 JavaScrip

    @The_Cyber_News

    20 Nov 2025

    6971 Impressions

    46 Retweets

    139 Likes

    38 Bookmarks

    1 Reply

    2 Quotes

  30. 米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1464 CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability ============= CVSSスコア: 8.8 (Base) / CISA-ADP CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 種別:型

    @piyokango

    20 Nov 2025

    4203 Impressions

    2 Retweets

    11 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Alerta de Seguridad: Google Lanza Parche Crítico para un ‘Zero-Day’ en Chrome Explotado Activamente (CVE-2025-13223) https://t.co/MMJaraOtMB #CiberSeguridad #Internet #Noticia #Tecnología vía @unaaldia https://t.co/mBBbX3IQW3

    @Securizame

    20 Nov 2025

    220 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Google urges 2 billion Chrome users to install an emergency update for a critical “type confusion” flaw (CVE-2025-13223) already being exploited. Fully restart your browser to stay protected. #etimes #etimespakistan #news #GoogleChrome #ChromeUpdate #CyberSecurity #TypeConfus

    @eTimesPakistan

    20 Nov 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 Another Zero-Day in Chrome – This is the 7th one in 2025! 🚨 Google just emergency-patched CVE-2025-13223 – a critical type confusion flaw in V8 that is already being exploited in the wild. Attackers can trigger heap corruption and potentially run code on your machine

    @42sudhir

    20 Nov 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CISA warnt vor aktiv ausgenutzter V8-Schwachstelle in Google Chrome - Da bereits funktionierende Exploits für CVE-2025-13223 kursieren, sollten Unternehmen und Endnutzer Chrome schnellstmöglich aktualisieren. https://t.co/Ft0SMSuZYb #Google #patch

    @KolaricDav5471

    20 Nov 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Chrome users in SEA, update now! Google patches seventh zero-day CVE-2025-13223 actively exploited in the wild. #thisisgamesea https://t.co/6sp5GTFakW

    @ThisIsGameSEA

    20 Nov 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. ZDNetによると、Google ChromeのV8エンジンに新たなゼロデイ脆弱性「CVE-2025-13223」が発見され、悪意あるHTMLでメモリー破損を引き起こし、既に攻撃が確認されています。緊急のアップデート(Windows/Linux版142.0.7444.17

    @NewsBrowseJP

    19 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 #Google Chrome V8 Flaw #CVE-2025-13223 Added to CISA’s Exploited Vulnerabilities List https://t.co/I17CR7ucJt

    @UndercodeNews

    19 Nov 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Google、Chromeを緊急アップデート-サイバー攻撃への悪用が確認されている複数の脆弱性を修正(CVE-2025-13223,13224) https://t.co/kx37s7uCxz #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    19 Nov 2025

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CISAが既知の脆弱性1件をカタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Nov 19) CVE-2025-13223 Google Chromium V8 の型混乱の脆弱性 https://t.co/FsZVjdfSDu

    @foxbook

    19 Nov 2025

    291 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability 🚨💥 Google releases security update for Chrome to fix two active exploitation vulnerabilities, including CVE-2025-13223 (CVSS score: 8.8). Type confusion vulnerability in V8 JavaScript and ht

    @HackonomicNews

    19 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. CVE-2025-13223: Google Chromium V8 Type Confusion Vulnerability has been added to the CISA KEV Catalog https://t.co/9idGUAHIKd CVSS: 8.8

    @DarkWebInformer

    19 Nov 2025

    3225 Impressions

    3 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  42. Another Chrome zero-day (CVE-2025-13223), already under attack, just got patched. If your team’s still dragging their feet on updates, your data’s on the line. SMBs: push that Chrome update now or risk a breach. https://t.co/1srQPUdULW #CyberSecurity #PatchNow

    @lowcountrycyber

    19 Nov 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🛡️ We added Google Chromium V8 type confusion vulnerability CVE-2025-13223 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/U7AVLgtbXD

    @CISACyber

    19 Nov 2025

    7547 Impressions

    23 Retweets

    51 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  44. Heads up, Google pushed a critical Chrome update for a zero-day (CVE-2025-13223) in its V8 JavaScript engine, and it's already being exploited in the wild. If you’re still on an old build, update Chrome right now before someone else takes advantage. (Source:

    @TechTal3s

    19 Nov 2025

    28 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Chrome has released an emergency update to fix its 7th zero-day vulnerability (CVE-2025-13223) this year, a type confusion flaw in the V8 JavaScript engine. Update to version 142.0.7444.175/.176. https://t.co/VoGPN30Weq

    @Jfreeg_

    19 Nov 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Zero-Day explotado activamente en navegador Google Chrome V8 Google corrigió dos fallos críticos en V8, incluyendo la vulnerabilidad CVE-2025-13223, que ha sido explotada activamente https://t.co/S60OQd3cdH… https://t.co/t4HyaDaiWr

    @teamsixinvestig

    19 Nov 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Zero-Day explotado activamente en navegador Google Chrome V8 Google corrigió dos fallos críticos en V8, incluyendo la vulnerabilidad CVE-2025-13223, que ha sido explotada activamente https://t.co/JZYa3V9FJ6 https://t.co/ENDOVtK8vu

    @elhackernet

    19 Nov 2025

    3827 Impressions

    14 Retweets

    51 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 New Chrome Zero-Day (CVE-2025-13223) — One tab is all it takes. Actively exploited. Used for real-world attacks. I break down the full exploit chain + sandbox escapes (Mojo & ANGLE/GPU) in today’s episode of 🧠 System Fracture. Watch here 👉 https://t.co/oe9U9vED

    @PBSech

    19 Nov 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨Upozorňujeme na aktivně zneužívanou zranitelnost v Google Chrome, CVE-2025-13223. Upozornil na ni i Google a je způsobená špatným typováním ve V8 JavaScript Engine. Tato chyba umožňuje vzdáleným útočníkům zneužít poškození paměti pomocí speciálně vyt

    @GOVCERT_CZ

    19 Nov 2025

    448 Impressions

    1 Retweet

    5 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. Alerta de Seguridad: Google Lanza Parche Crítico para un ‘Zero-Day’ en Chrome Explotado Activamente (CVE-2025-13223) https://t.co/EDVODXeBIW

    @unaaldia

    19 Nov 2025

    437 Impressions

    2 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)CVE-2026-5915
  2. Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)CVE-2026-5912
  3. Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)CVE-2026-5918
  4. Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)CVE-2026-5914
  5. Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)CVE-2026-5911

References

Sources include official advisories and independent security research.